package middleware

import (
	"github.com/gin-gonic/gin"
)

// Auth 中间件：验证客户端提供的 X-API-Key 是否合法
func Auth(validKeys []string) gin.HandlerFunc {
	return func(c *gin.Context) {
		clientKey := c.Request.Header.Get("X-API-Key")
		valid := false
		for _, k := range validKeys {
			if k == clientKey {
				valid = true
				break
			}
		}
		if !valid {
			c.AbortWithStatusJSON(401, gin.H{"error": "invalid api key"})
			return
		}
		c.Next()
	}
}
